Changeset View
Changeset View
Standalone View
Standalone View
head/multimedia/mythtv/files/patch-CVE-2017-09992
Property | Old Value | New Value |
---|---|---|
fbsd:nokeywords | null | yes \ No newline at end of property |
svn:eol-style | null | native \ No newline at end of property |
svn:mime-type | null | text/plain \ No newline at end of property |
From 536af4212100dee1577fe2d30814762c58038efc Mon Sep 17 00:00:00 2001 | |||||
From: Michael Niedermayer <michael@niedermayer.cc> | |||||
Date: Fri, 5 May 2017 20:42:11 +0200 | |||||
Subject: [PATCH] avcodec/dfa: Fix off by 1 error | |||||
Fixes out of array access | |||||
Fixes: 1345/clusterfuzz-testcase-minimized-6062963045695488 | |||||
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg | |||||
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | |||||
(cherry picked from commit f52fbf4f3ed02a7d872d8a102006f29b4421f360) | |||||
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | |||||
--- | |||||
libavcodec/dfa.c | 2 +- | |||||
1 file changed, 1 insertion(+), 1 deletion(-) | |||||
diff --git libavcodec/dfa.c libavcodec/dfa.c | |||||
index f45d019a792..5ddb647c4cb 100644 | |||||
--- external/FFmpeg/libavcodec/dfa.c | |||||
+++ external/FFmpeg/libavcodec/dfa.c | |||||
@@ -175,7 +175,7 @@ static int decode_dds1(GetByteContext *gb, uint8_t *frame, int width, int height | |||||
return AVERROR_INVALIDDATA; | |||||
frame += v; | |||||
} else { | |||||
- if (frame_end - frame < width + 3) | |||||
+ if (frame_end - frame < width + 4) | |||||
return AVERROR_INVALIDDATA; | |||||
frame[0] = frame[1] = | |||||
frame[width] = frame[width + 1] = bytestream2_get_byte(gb); |